Tuesday, March 10, 2015

Who is facing catastrophe when technology is not supported?

I speak to business owners every day, asking them about the management of their technology. The very first response is, "You need to talk to my IT guy about that". The very backbone of any business lies in the technology the employees use every day to do their jobs. Admittedly, business owners leave this critical piece of their operations in the hands of typically one or two key employees.
Over half of the owners I meet with bring their IT person into the meeting, and the reason they state is "He has control over everything to do with our network". Control, responsibility and day-to-day knowledge of their critical data system: all of these are handed over to one key person. In some cases it is a staff member with some limited IT know-how who can reset passwords, but most likely this is not the job they were hired to do. If a staff member is doing these things, then who is doing his or her job?

Why would one person have such a singular role in the most critical operational piece of a business?
It is a catastrophe waiting to happen. I do not try to position myself as some Grim Reaper looking to remove every single IT staff member and replace them with a magical datacenter in the clouds. Far from it! I do believe that every single business owner needs to have a firm understanding of what they have operationally and how it can be best supported.

One client we had the privilege of helping came to us after one frantic morning at her business. She had a scare because that Monday morning her IT guy did not come into work. He left a note the previous Friday taped to the door of his office saying he was not coming back EVER! All of their servers, network equipment and communications equipment were turned off. In his office, she found nothing that could help her get her business running and operational. After several calls went unreturned by her errant former employee, she called us.
She admitted to being completely unprepared for such an emergency. Within hours we had everything back and operational, and we set out to design a plan for continued management of her systems by our managed services team. This was not a small shop either: there were over 50 employees affected by this emergency, and it could have been and should have been avoided.

Fear of technology is one of the primary reasons more business owners do not take a more active role in this area of their business.

Looking at a cabinet full of switches, routers, servers, and cables can be very intimidating.  Logging on and seeing folders and lines of code is so foreign and burdensome. Most owners just want everything to work and are so grateful to the employee that makes it all possible that they wrap their business in a false sense of security. The phrase "I have this all handled" is one I hear over and over from owners in a variety of fields.

A conversation that has to happen before a catastrophe or a potential disaster occurs involves the impact of downtime.
On average, businesses can lose anywhere from $5,600 to $108,000 (US) for every hour of IT system downtime, according to estimates from studies and surveys performed by IT industry analyst firms. In addition, financial services, telecommunications, manufacturing and energy lead the list of industries with a high rate of revenue loss during IT downtime. If an outage creates a disruption in a supply chain company with a high level of expectation in responsiveness (e.g., medical services or overnight delivery), the business may be exposed to damages. These damages stem from the inability to deliver (e.g., loss in delivery fees due to arriving late or lawsuits due to collateral damages).

With a hybrid solution of managed services from an outsourced technology provider, a company can make the most of its internal IT staff as a resource for continued growth and planning. Managed services will allow for ongoing management with up-to-date technology solutions using best-in-class industry practices. This can and will dramatically improve a business owner's probability of success with IT. The owner can now rest easily knowing their network is secure and running as it should without depending on a single source.

Monday, February 9, 2015

Welcome back and watch out for your privacy

My first week back to work at NetGain IT and I am greeted with one of the biggest data breaches ever reported! Anthem, the nation's second largest health insurer, confessed to as many as 80 million of its members that hackers penetrated its IT systems and swiped their personal data.

Unfortunate incident? Uncommon occurrence? Not likely! Don't forget the nearly 42 million people who have had their health data compromised in HIPAA breaches to date. Big crevices in security allowed for the Heartland Payment Systems breach in 2008, the Target breach, the Community Health Systems Heartbleed attack, Sony, and more!

Privacy and security risks are here to stay and will not be going away anytime soon. These threats will continue to grow. FBI Director Robert S. Mueller III has stated that “there are only two types of companies: those who have been hacked, and those that don't know they've been hacked.” The truth of that is evident in the amount of legislation that has flowed in recent years around HIPAA and other compliance areas.

"This should serve as yet another wake up call for those who haven't gotten it yet," said CynergisTek Co-Founder Mac McMillan. "Healthcare is a target." With so much of the focus by hackers on healthcare data and user information, the time is now to make a stronger case for changing how security is addressed. It cannot remain just about compliance and meeting the minimums to avoid fines.

Taking a look at where healthcare security is now, one can ask where it will need to be to deliver the best healthcare without diluting the trust and valued health information of the people it serves. “We need to remember that our assets are not devices, but the information on them,” said Karl West, Intermountain chief information security officer, at the Privacy & Security Symposium in December. “Understanding where data is: that’s the security model of the future.”

Offering better training to end users on security for basic forms of sensitive information is a start.
Printed, spoken and electronic: each individual has the responsibility to protect the privacy and security of sensitive information. I myself am growing more and more conscious, and I do not have the luxury of being one of those writers who can just carelessly toss away research and documentation without considering the implication of its existence.

“The threat landscape is changing far too quickly for just a compliance-based approach to security,” Aetna CISO Jim Routh said after his organization was hit. Believing that each individual has to take a part in the solution is key, and I have the privilege to work for a firm that is building a better boat to chart these waters. We provide proactive tools to bring about end user awareness and offer security assessments to all varieties of industries with specific criteria that can be addressed.

I am glad to be back, and am bringing my best to the table in the hope that this landscape of data breaches can only improve each day and I can do my part.